Date:      Wed, 10 Jun 1998 03:30:21 -0400 (EDT)
From:      "Matthew N. Dodd" <winter@jurai.net>
To:        Julian Elischer <julian@whistle.com>
Cc:        current@FreeBSD.ORG
Subject:   Re: Annnonce: Transparent proxy patches
Message-ID:  <Pine.BSF.3.96.980610033012.17992J-100000@sasami.jurai.net>
In-Reply-To: <Pine.BSF.3.95.980609213531.26901N-100000@current1.whistle.com>


"Sweet."

On Tue, 9 Jun 1998, Julian Elischer wrote:

> 
> Chrisy Luke <chrisy@flix.net> posted a mixed set of patches
> recently that added the ability to do transparent proxying
> to FreeBSD, however there were several shortcomings.
> 1/ In particular you really needed 2 machines or to match 2 different
> rules to be able to do some redirections.
> 
> 2/ They were part of his 'multipath' patches.
> 
> I have separated them out and updated them for -current.
> I have also put in some code to allow local redirection of outgoing
> packets.
> 
> they allow you to do:
> 
> ipfw add 2 fwd localhost,4000 tcp from any to any 80 out xmit tun0 recv ed0
> 
> which would redirect any outgoing internet http requests from your
> local network to your local web cache (squid?) at port 4000
> 
> or even
> 
> ipfw add 2 fwd localhost tcp from any to any in recv ed0
> 
> Which will 'capture' all packets coming through that machine from ed0 and
> redirect them to the same port on the local machine. This would allow you
> to feed connections to a whole pile of proxies and filters with a single
> firewall rule.
> 
> for fun:
> 
> ipfw add 2 fwd localhost,25 tcp from any to any 23 in recv ed0
> 
> which will redirect all the telnet sessions to smtp :-)
> 
> alternatively you could redirect all outgoing http requests to a special
> cache machine ("squid")..
> 
> #squid can get anywhere..
> ipfw add 1 allow tcp from squid to any 80
> #everyone else goes via squid 
> ipfw add 2 fwd squid,80 tcp from any to any 80 out xmit tun0 recv ed0
> 
> 
> of course machine squid needs a local redirect to capture the requests..
> 
> #gobble
> ipfw add 2 fwd localhost tcp from any to any 80 in
> 
> I believe Linux has had this for a short while..
>  
> The patches for this are at:
> http://www.freebsd.org/~julian
> 
> looking for feedback..
> 
> 
> julian
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
> 

/* 
   Matthew N. Dodd		| A memory retaining a love you had for life	
   winter@jurai.net		| As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53	
*/
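
Added example, not part of the original messages and not code from the patches: a small Python model of first-match rule evaluation for the two "squid" rules quoted above, showing why the `allow` rule for the cache must be numbered before the `fwd` rule (without it the cache's own requests are forwarded back to itself). The grammar is a simplified assumption covering only the syntax in the post; the packet fields and addresses are constructed sample data.

```python
def parse_rule(line):
    """Parse the subset of ipfw syntax used in the post (simplified, assumed grammar)."""
    t = line.split()
    if t[:2] != ["ipfw", "add"]:
        raise ValueError("not an 'ipfw add' line")
    r = {"num": int(t[2]), "action": t[3], "target": None,
         "dport": None, "dir": None, "xmit": None, "recv": None}
    i = 4
    if r["action"] == "fwd":                      # fwd host[,port]
        host, _, port = t[i].partition(",")
        r["target"] = (host, int(port) if port else None)
        i += 1
    if t[i + 1] != "from" or t[i + 3] != "to":
        raise ValueError("expected: proto from SRC to DST")
    r["proto"], r["src"], r["dst"] = t[i], t[i + 2], t[i + 4]
    rest = iter(t[i + 5:])                        # optional port, direction, interfaces
    for tok in rest:
        if tok.isdigit():
            r["dport"] = int(tok)
        elif tok in ("in", "out"):
            r["dir"] = tok
        elif tok in ("xmit", "recv"):
            r[tok] = next(rest)
        else:
            raise ValueError("unsupported token: " + tok)
    return r

def matches(r, pkt):
    return (r["proto"] == pkt["proto"]
            and r["src"] in ("any", pkt["src"])
            and r["dst"] in ("any", pkt["dst"])
            and all(r[k] is None or r[k] == pkt[k]
                    for k in ("dport", "dir", "xmit", "recv")))

def decide(rule_lines, pkt):
    """First matching rule in numeric order wins; returns (action, target)."""
    for r in sorted(map(parse_rule, rule_lines), key=lambda r: r["num"]):
        if matches(r, pkt):
            if r["action"] != "fwd":
                return r["action"], None
            host, port = r["target"]              # no port given: keep the packet's port
            return "fwd", (host, port if port is not None else pkt["dport"])
    return "no-match", None                       # default policy is not modelled

# Rules quoted from the post; CLIENT is a constructed sample packet.
SQUID_RULES = ["ipfw add 1 allow tcp from squid to any 80",
               "ipfw add 2 fwd squid,80 tcp from any to any 80 out xmit tun0 recv ed0"]
CLIENT = dict(proto="tcp", src="10.0.0.5", dst="192.0.2.10", dport=80,
              dir="out", xmit="tun0", recv="ed0")
```

Calling `decide(SQUID_RULES[1:], dict(CLIENT, src="squid"))` models the ruleset with rule 1 omitted and returns a forward to the cache itself.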

